Posts tagged Skills

5 min Skills

You Need To Understand Lateral Movement To Detect More Attacks

Thanks to well-structured industry reports like the annual Verizon DBIR, Kaspersky "Carbanak APT" report, and annual "M-Trends" from FireEye, the realities of modern attacks are reaching a much broader audience. While a great many successful breaches were not the work of particularly sophisticated attackers, these reports make it very clear that the techniques once known only to espionage groups are now mainstream. Lateral movement technologies have crossed the chasm I have written before ab

4 min Honeypots

Leverage Attackers' Need To Explore For Detection

When you examine the sanitized forensic analyses, threat briefings, and aggregated annual reports, there are two basic facts that emerge: 1. There are a lot of different attacker groups with access to the same Internet as baby boomers and short-term contractors. 2. Most of them are proficient at user impersonation once on the network, which lets them remain undetected for months. In this reality, our organizations need to do more than just build defenses and sit in waiting until known signature

3 min Authentication

Insider Threat or Intruder: Effective Detection Doesn't Care

For various reasons, I have recently had a lot of conversations about insider threats. What is the best solution for them? How can they be detected? Does InsightIDR [https://www.rapid7.com/products/insightidr/] detect them? Rather than answering these questions with more questions, here is what I say: when you are detecting the malicious activity properly, the precise actor is unimportant. It is extremely important for the follow-up investigation and response that you know whether the person w

4 min SIEM

Enterprise Account Takeover: The Moment Intruders Become Insiders

Every time an attacker successfully breaches an organization, there is a flurry of articles and tweets attempting to explain exactly what happened so information security teams worldwide are able to either a) sleep at night because they have mitigated the vector or b) lose only one night of sleep mitigating it. Here's the problem: every breach is complex and involves a great deal more malicious actions than are published on your chosen 24-hour news website. The least detected action is the use o

4 min Skills

Are You Enabling Corporate Espionage?

While I was flipping through some news stories the other day, a small headline appeared that piqued my interest [http://www.darkreading.com/attacks-breaches/former-st-louis-cardinals-exec-pleads-guilty-to-cyber-espionage-charges/d/d-id/1323824?_mc=RSS_DR_EDT] . The headline reads: Former St. Louis Cardinals Exec Pleads Guilty To Cyber Espionage Charges Cyber espionage… in baseball? That was too intriguing to pass up! It essentially describes this: employees from one club, the St Louis Cardina

3 min Haxmas

12 Days of HaXmas: Rapid7 Gives to You... Free Professional Media Training (Pear Tree Not Included)

Ho ho ho, Merry HaXmas [/tag/haxmas/]! For those of you new to this series, every year we mark the 12 days of HaXmas with 12 blog posts on hacking-related topics and roundups from the year. This year we're kicking the series off with something not altogether hackery, but it's a gift, see, so very appropriate for the season. For the past couple of years, I've provided free media training at various security conferences, often as part of an I Am The Cavalry [https://www.iamthecavalry.org/] track,

3 min Skills

Tis the season! For user outreach

As we prepare to move into the end-of-year holiday season, organizations tend to enter one of two modes: they are either winding down end-of-year activities in preparation to close their books, or they are sprinting to get things done before the end of the year. Sometimes it's a mixture of both. One common theme, no matter which mode you are in, is that your users will be distracted by the holidays. And if they are distracted, they are more prone to error, which means more vul

2 min Skills

How Does #cyberaware Broaden Our Community?

We all know, from experience or the Verizon DBIR, that stolen credentials are the most common attack vector. Users still present massive risk to our organizations, yet there's plenty of debate about the effectiveness of user training. Meanwhile, users are getting all the FUD of breaches in the news, and aren't yet armed to have constructive conversations about them. Now, this is not to say there aren't awesome security teams running security training programs out there – there most definitely a

2 min Phishing

Top 3 Takeaways from the "How to Make your Workplace Cyber-Safe" Webcast

In the first of four Cyber Security Awareness Month webcasts [https://information.rapid7.com/cyber-security-awareness-month-2015.html?CS=blog] , a panel of security experts, including Bob Lord, CISO in Residence at Rapid7, Ed Adams, President and CEO at Security Innovation, Chris Secrest, Information Security Manager at MetaBank, and Josh Feinblum, VP of Information Security at Rapid7, came together to discuss, "How to Make your Workplace Cyber-Safe [https://information.rapid7.com/how-to-make-yo

3 min Incident Response

Detecting Intruders Early Can Ruin Their Business Model

If you look at attackers as faceless, sophisticated digital ninjas, it instills fear, but doesn't really help to stop them. While there are many motivations for attacking an organization and stealing its data, the most frequent are based on money. This is why it sometimes helps to view them as you would any other business: as having costs and needing to generate revenue to survive. Attacker groups are similar to high-tech startups. There is a thriving economy full of people who breach organizati

2 min Incident Response

Top 3 Takeaways from the "Security Pro's Guide to Breach Preparedness and Response" Webcast

In this week's webcast Wade Woolwine [/author/wade-woolwine] and Mike Scutt talked about how to prepare for an incident and be ready to respond effectively when one occurs. Breaches are happening all the time. They vary in size and scope, but will end up affecting every organization in one way or another. Incident preparedness leads to more efficient and streamlined incident response. Read on to learn the top takeaways from Wade and Mike's “Security Pro's Guide to Breach Preparedness and Respons

2 min Authentication

Top 3 Takeaways from the "Planning for Failure: How to Succeed at Detecting Intruders on your Network" Webcast

Last week, Rick Holland, Principal Analyst at Forrester Research joined Christian Kirsch [/author/christian-kirsch] to discuss the concept of planning for failure in your security programs by being equipped to detect and investigate effectively when intruders get past your defenses. Read on to learn the top takeaways from their discussion on “Planning for Failure: How to Succeed at Detecting Intruders on your Network [https://information.rapid7.com/detecting-intruders-on-your-network-webcast.ht

3 min Skills

Top 4 Takeaways from the "2015 Security New Year's Resolutions: Expert Panel" Webcast

In this week's webcast, our panel of security experts took the time to reflect on the past year and discuss their 2015 Security New Year's Resolutions [https://information.rapid7.com/2015-security-resolutions.html?CS=blog]. For this discussion Trey Ford [/author/trey-ford/], Global Security Strategist at Rapid7, and Josh Feinblum [/author/josh-feinblum/], VP of Information Security at Rapid7 were joined by Andrew Plato, President/CEO at Anitian, Chris Calvert, Senior Strategy Manager – Red Team

3 min Phishing

How Vulnerable Are Your Phishing Targets?

When you're assessing the exposure to phishing in your organization, one important part is the set of client-side vulnerabilities that would enable an attacker to exploit a browser. In this blog post, I'd like to outline a non-invasive (and free!) way to get visibility into your client-side risk landscape. There are essentially two ways to use phishing as part of your security program. * Phish 2 Pwn: If you are a penetration tester, you'll likely use spear phishing of a couple of users

2 min Social Engineering

Social Media: Vector for the New Economic Attack?

The big news in security this week has been the hijacking of the Associated Press' Twitter account [http://www.nbcnews.com/technology/technolog/ap-twitter-account-hacked-posts-false-white-house-scare-6C9560165] . The attackers leveraged the "bad news" atmosphere created by the events in Boston last week to gain some measure of credibility for a tweet about bombs exploding at the White House. This is not a particularly new approach: in 2007, the Storm Worm [http://en.wikipedia.org/wiki/Storm_Worm